On Wednesday 13 December 2006 10:32, Gustin Johnson wrote: > I will preface this by saying that I will always err on the side of > allowing communication rather than impeding it. We have to be careful > not to do more damage as a result of an emotional reaction. SPAM is > bad/evil/annoying/amoral/illegal etc., but blocking legitimate email is > a worse offence IMO. >
Agreed. > Also, whenever you block a message, you should bounce it as oppose to > dropping it silently. This way if there are false positives, the sender > is at least aware that there is a problem. > Is it not possible that a spammer could spoof [EMAIL PROTECTED] as the sender? Would that not mean poor xyz would receive 100,000 bounce messages? I think if the SA score is high enough (arbitrary) then you can ship it to /dev/null If it's somewhere in the middle, either tag the subject or bounce it. > I use a combination of RBL and greylisting, with spam assassin Rules Du > Jour. > > The following are the RBL lists we use, I have commented out two that > have been problematic: > > dnslists = sbl-xbl.spamhaus.org : \ > list.dsbl.org : \ > dul.dnsbl.sorbs.net : \ > web.dnsbl.sorbs.net : \ > dnsbl.njabl.org : \ > # relays.ordb.org : \ > cbl.abuseat.org : \ > http.dnsbl.sorbs.net : \ > misc.dnsbl.sorbs.net : \ > socks.dnsbl.sorbs.net : \ > smtp.dnsbl.sorbs.net : \ > zombie.dnsbl.sorbs.net : \ > opm.blitzed.org : \ > blackholes.mail-abuse.org : \ > dialups.mail-abuse.org : \ > hijacked.dnsiplists.completewhois.com : \ > # bogons.dnsiplists.completewhois.com : \ > dnsbl.net.au > > These are the Rules Du Jour we have in place: > > RulesDuJour Run Summary on eq-ml01: > > TripWire has changed on eq-ml01. > Version line: # Version 1.18 More Typo's fixed. > > Matt Kettler's AntiDrug has changed on eq-ml01. > Version line: # rev 0.65 10/01/2006 - updated URL, etc > > EvilNumber has changed on eq-ml01. > Version line: # Version: 02.00.01 # The evilnumber set has been renamed > to match SARE's updated standards, the new name is 70_sare_evilnum0.cf. > Please remove evilnumber local language files > > William Stearn's RANDOM WORD Ruleset has changed on eq-ml01. > Version line: #release: 2004052501 > > SARE Adult Content Ruleset has changed on eq-ml01. > Version line: # Version: 01.02.07 # The Adult set has been renamed to > match SARE's updated standards, the new name is 70_sare_adult.cf > > SARE Fraud Detection Ruleset (for SA ver. 2.5x and greater) has changed > on eq-ml01. > Version line: # Version: 01.03.02 # NOTE: Please update your scripts to > pull this file from it's new location > http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf > > SARE BIZ/Marketing/Learning Ruleset (for SA ver. 2.5x and greater) has > changed on eq-ml01. > Version line: # Version: 01.02.02 # The BML set has been renamed to > match SARE's updated standards, the new name is 72_sare_bml_post25x.cf > > SARE Spoof Ruleset has changed on eq-ml01. > Version line: # Version: 1.09.18 > > SARE 70_sare_bayes_poison_nxm.cf Ruleset has changed on eq-ml01. > Version line: # Version: 1.00 > > SARE OEM Ruleset has changed on eq-ml01. > Version line: # Version: 1.05.14 > > SARE Random Ruleset for SpamAssassin 2.5x and higher has changed on > eq-ml01. Version line: # Version: 1.30.21 > > SARE Obfuscation catching Ruleset (set 0 -- hits mostly spam) has > changed on eq-ml01. > Version line: # Version: 01.00.08 > > SARE Top 200 spamcop ip addresses Ruleset (automatically generated) has > changed on eq-ml01. > Version line: # Modified: 12/5/2006 5:18:59 PM EST > > Greylisting is a technique that blocks a large portion of our spam. > Basically the first time you receive a message from someone, your mail > server replies with a temporary failure. Most sending mail servers will > retry within 15 minutes to an hour. It does require some work in SQL > (mySQL is what we use) but it has been worth every second of the time we > invested in it. > > One caveat, some mail servers have disabled retries. 9 out of 10 times > it is an Exchange server. This is incorrect behaviour for a mail > server, so don't hesitate to let the offending admins know that they > have made a mistake that should be corrected. > > A good greylisting resource can be found here: > http://projects.puremagic.com/greylisting/links.html > > This tends to be a mostly fire and forget solution. Logcheck and our > users keep us informed when things inevitably go wrong (with or without > anti-spam measures). > > Hth, > > Roy Souther wrote: > > I am running spamassassin and using sbl-xbl.spamhaus.org and they to > > stop a lot of SPAM but I am still getting way more then I can stand. > > What are people doing to stop SPAM? I do not want to run a program that > > needs constant attention from me to keep it up to date and working. > > > > There seems to be a lot of IP's and server networks that are dumping a > > lot of SPAM on to the Internet but the block lists are not identifying > > as SPAM'ers. I tried to find some way to submit offending IP addresses > > to SPAMhaus.org but I could not find any way. Perhaps you can only > > submit offending IP's if you are subscribed to a paid service of > > SPAMhaus.org. > > > > Is there a community driven SPAM block listing service? Queries to > > SPAMhaus.org automatically include other block lists but they all seem > > to not let the public submit offending IP's either. > > > > _Royce Souther <mailto:[EMAIL PROTECTED]>_ > > _www.SiliconTao.com <http://www.SiliconTao.com>_ > > Let Open Source help your business move beyond. > > > > For security this message is digitally authenticated by _GnuPG > > <http://www.gnupg.org>_. > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > clug-talk mailing list > > [email protected] > > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > > **Please remove these lines when replying > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
